Fórumok

SAML support within Liferay?

Alex Ballarin, módosítva 16 év-val korábban

SAML support within Liferay?

New Member Bejegyzések: 13 Csatlakozás dátuma: 2006.11.18. Legújabb bejegyzések
Hi all,

I have been looking for Google Apps integrations and they use SAML SSO (see: en.wikipedia.org/wiki/SAML).

I have seen articles explaining Tomcat integration with other systems using SAML, so I thought that could be achieved by Liferay (so we could use its powerful directory, user admin).

Any ideas will be greatly appreciated, since I need to integrate it with a portal or if I cannot, with simple web apps.

Thanks
Alex
thumbnail
Jonas X. Yuan, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Liferay Master Bejegyzések: 993 Csatlakozás dátuma: 2007.04.27. Legújabb bejegyzések
There are a few customers that have same requirements: SAML 2.0 SSO integration in Liferay portal.

Any updates?

http://issues.liferay.com/browse/LPS-8427

Thanks

Jonas Yuan
-----------------
The Author of Liferay Books:
Liferay Portal 6 Enterprise Intranets
Liferay Portal 5.2 Systems Development
Liferay Portal Enterprise Intranets
thumbnail
Franck Valetas, módosítva 13 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzés: 1 Csatlakozás dátuma: 2010.09.14. Legújabb bejegyzések
I'm a customer with this requirement : SAML 2.0 SSO integration in Liferay portal.

Regards.

Franck
Oleg Cohen, módosítva 13 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 2 Csatlakozás dátuma: 2010.11.03. Legújabb bejegyzések
Franck,

AssureBridge provides a fully-managed, hosted SAML 2.0 Single Sign-On service which includes an easy to implement Liferay SSO Adapter.

For more information please visit our web site: http://www.assurebridge.com.

Best,
Oleg Cohen
thumbnail
giampiero longobardi, módosítva 12 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 7 Csatlakozás dátuma: 2010.12.17. Legújabb bejegyzések
Oleg Cohen:
Franck,

AssureBridge provides a fully-managed, hosted SAML 2.0 Single Sign-On service which includes an easy to implement Liferay SSO Adapter.

For more information please visit our web site: http://www.assurebridge.com.

Best,
Oleg Cohen


Franck,
is AusserBridge hook able to delegate portal authentication (and more precisely to portlets within the portal) to authenticate to backing services on the user's behalf ?
How delegated SAML assertions are applied developing a portlet ?
thumbnail
Mika Koivisto, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
I've been lately looking into SAML 2.0 and there might be something coming in 6.1
thumbnail
Jonas X. Yuan, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Liferay Master Bejegyzések: 993 Csatlakozás dátuma: 2007.04.27. Legújabb bejegyzések
Good news. Thank you, Mika.

Would you be able to share the time frame? When is this integration expected?

Best regards,

Jonas Yuan

-----------------
The Author of Liferay Books:
Liferay User Interface Development for Liferay 6.0 and 6.1
Liferay Portal 6 Enterprise Intranets
Liferay Portal 5.2 Systems Development
Liferay Portal Enterprise Intranets
thumbnail
Karolin Anna Krieg, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Junior Member Bejegyzések: 53 Csatlakozás dátuma: 2009.12.17. Legújabb bejegyzések
Hey Mika

We use Liferay 6.0.5.
My Company already works with a SAML PHP solution, so the AssureBridge is no option for us.
You recently told that there is something in the pipline? Can you please give an update if a solution for SAML 2.0 is coming?

Thank you very much for a quick answer,

Karolin
Bruno Vernay, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Junior Member Bejegyzések: 36 Csatlakozás dátuma: 2010.04.06. Legújabb bejegyzések
I don't know if it could solve anyone's problem, but I managed to have:
  • Liferay authenticates with OpenAM (ex openSSO) with the direct integration provided by Liferay
  • SimpleSamlPHP using OpenAM too, with SAML 2

So I have SSO between Liferay and PHP applications.
Also, it is out of my scope currently, but OpenAM integrates with Google Apps.

(note: I don't know what will and can be done with SAML, but I was a bit deceived (with LDAP and openSSO) to find that authentication is a narrow subject and doesn't include user provisioning and full attributes and groups mapping.)
thumbnail
Mika Koivisto, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
SAML 2.0 IdP implementation will come with Liferay 6.1. The service provider part is not scheduled yet but you should be able to use Shibboleth with Liferay even with the current release.
thumbnail
Karolin Anna Krieg, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Junior Member Bejegyzések: 53 Csatlakozás dátuma: 2009.12.17. Legújabb bejegyzések
http://issues.liferay.com/browse/LPS-8427 got updated to priority 'critical' with fix version/s '--Sprint - 12/10, 6.1.X'

I can't find the information when 6.1.X will be released?
thumbnail
Mika Koivisto, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
There's no official release date for 6.1 yet but I wouldn't expect it any time soon as we just released 6.0 a few months ago.
Oleg Cohen, módosítva 13 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 2 Csatlakozás dátuma: 2010.11.03. Legújabb bejegyzések
Mika,

The AssureBridge SAML SSO solution includes Liferay plugins for both SAML SP and IdP integration. Our plugins are intended for those teams implementing Liferay that don't have exisiting SAML expertise/product and are not planning to acquire it. Our plugins are part of a fully-managed hosted SSO solution that includes connection set-up, configuration, and integration assitance. Using our services you can be up and running in just a few days.

For more info please visit our site at http://www.assurebridge.com.

Best,
Oleg Cohen
Ivan Morozov, módosítva 13 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzés: 1 Csatlakozás dátuma: 2010.12.02. Legújabb bejegyzések
Oleg,

Are there any configuration guide for SAML Single Sign-On Plugin 1.0.1 ?
Bruno Vernay, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Junior Member Bejegyzések: 36 Csatlakozás dátuma: 2010.04.06. Legújabb bejegyzések
So if I understand correctly, the LPS-8427 is about "SAML Identity Provider" only.

I would need Liferay to be a SAML "Service Provider".

You said that I should be able to use Liferay with Shibboleth already, but how if there is no SAML in Liferay ?? Do you mean CASify the Shibboleth http://code.google.com/p/casshib/ ?

Should I fill an Issue to request for a SAML SP (like the existing LDAP, CAS, NTML, FaceBook, OpenSSO, OpenID, SiteMinder) ??

Regards
Bruno
thumbnail
Mika Koivisto, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
There are several ways to do that. CASShib is one. Another one would be using shibboleth and header based authentication. Shibboleth SAM L SP is a Apache modules that handles all the saml communication and then can provide the user information as headers to Liferay. You could use Liferay's SiteMinder SSO for this as it's also similar header based AutoLogin.
Bruno Vernay, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Junior Member Bejegyzések: 36 Csatlakozás dátuma: 2010.04.06. Legújabb bejegyzések
So I can loging using Site Minder, but it is far from optimal.
  • Logout is not handled
  • I cannot follow Shibboleth best practices

I can't help to think that a SAML SP integration would be really useful. At least to me ...
thumbnail
Mika Koivisto, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
There is a SP implementation also coming. A community member provided a patch against trunk and I'm working on turning it into a plugin. We did the same thing with the IdP implementation. IdP functionality will most likely be EE only.
Bruno Vernay, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Junior Member Bejegyzések: 36 Csatlakozás dátuma: 2010.04.06. Legújabb bejegyzések
Could you warn me as soon as it is in SVN ??
Any delay ? days, weeks, month ???
I can test and report since I already have a working Shibboleth IdP/SP installation with Liferay's SiteMinder authentication.

My problem is that I have a very specific need (SAML for an ECP "Extended Client or Proxy" profile, in order to execute a delegated scenario) which I explain a bit here.

I am already able to read the SAML assertion in a post login hook and put it in the session so a portlet can use it. Now I have to implement the second part: the portlet has to use the assertion to authenticate against a webservice provider. Hopefully I should be able to leverage uPortal work.

Meanwhile, I voted for the SAML SP support: http://issues.liferay.com/browse/LPS-8427 The patch is very impressive, he redeveloped Shibboleth SP without the OpenSAML library.

Regards
Bruno
thumbnail
Mika Koivisto, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
We won't be supporting ECP profile at this point how ever it will probably come later as it's in the roadmap of the customer sponsoring this work. I will post here as soon as the SP plugin hits SVN.
Danilo Tuler, módosítva 13 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 4 Csatlakozás dátuma: 2011.01.27. Legújabb bejegyzések
Any progress on SAML integration?
Is Idp support really coming only on EE version? That's too bad.

Danilo
thumbnail
Mika Koivisto, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
Both SP and IdP plugins are submitted for review and I believe they will be EE only plugins. Both are slated for release with 6.1 but I expect them to become also available for 6.0 EE customers at some later SP release.
Bruno Vernay, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Junior Member Bejegyzések: 36 Csatlakozás dátuma: 2010.04.06. Legújabb bejegyzések
For the IdP I would understand that only EE customer got it.
Others can still install Shibboleth, OpenAM or other free SAML IdP.

But for the SP, it would only facilitate Liferay adoption. I don't understand why it would be restricted to EE. Besides, the current workaround to uses Liferay in a SAML SSO are far from perfect.

Well, I simply hope that SP will be available in the Community Edition.
thumbnail
Mika Koivisto, módosítva 13 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
I'm also hoping we make the SP available for Community Edition.
thumbnail
Shagul Khajamohideen, módosítva 12 év-val korábban

RE: SAML support within Liferay?

Liferay Master Bejegyzések: 758 Csatlakozás dátuma: 2007.09.27. Legújabb bejegyzések
Mika Koivisto:
Both SP and IdP plugins are submitted for review and I believe they will be EE only plugins. Both are slated for release with 6.1 but I expect them to become also available for 6.0 EE customers at some later SP release.


Hi Mika,

Are the SP and IdP still slated for 6.1 EE release?

Thanks,
thumbnail
Mika Koivisto, módosítva 12 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
Yes they are.
Robert Bailey, módosítva 12 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 2 Csatlakozás dátuma: 2010.09.08. Legújabb bejegyzések
Mika Koivisto:
Both SP and IdP plugins are submitted for review and I believe they will be EE only plugins. Both are slated for release with 6.1 but I expect them to become also available for 6.0 EE customers at some later SP release.


Mika, have the plugins been accepted into the EE branch? Any can you provide any updates as to whether the SP functionality has made it into the CE trunk?
Greg King, módosítva 12 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 6 Csatlakozás dátuma: 2009.10.21. Legújabb bejegyzések
Hi Mika,

Understand these are included for 6.1 EE release scheduled for September but are they available as part of the 6.0 EE SP1 release which is available now?

Thanks
Greg
thumbnail
Mika Koivisto, módosítva 12 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
It's scheduled to be released with 6.1 EE although I believe we are also releasing it for 6.0 EE SP2 at some point. SP1 does not have APIs required by the SAML plugins. In any case it still needs to go through QA before it will be made available so I wouldn't expect it before September.
thumbnail
Ben Chapman, módosítva 12 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 23 Csatlakozás dátuma: 2011.03.08. Legújabb bejegyzések
Mika Koivisto:
It's scheduled to be released with 6.1 EE although I believe we are also releasing it for 6.0 EE SP2 at some point. SP1 does not have APIs required by the SAML plugins. In any case it still needs to go through QA before it will be made available so I wouldn't expect it before September.


Is there an update on this? We are EE customers but I do not see the plugins for 6.0.12 yet. If the plugins are not available for 6.0.12, could you share a timeline with us?

Many thanks,

Ben Chapman
thumbnail
Mika Koivisto, módosítva 12 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
I don't know if and when will they be released to 6.0.x EE but they should be on time for 6.1 EE.
Raj B Shrestha, módosítva 12 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 2 Csatlakozás dátuma: 2009.06.24. Legújabb bejegyzések
Mika Koivisto:
Yes they are.


Can you please confirm if SAML 2.0 SP (in addition to IDP) is included in the Liferay 6.1 EE version released in September 2011?

Thanks a lot.
thumbnail
Mika Koivisto, módosítva 12 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
6.1 EE is not yet release but both SAML 2.0 SP and IdP will be available for it.
Raj B Shrestha, módosítva 12 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 2 Csatlakozás dátuma: 2009.06.24. Legújabb bejegyzések
Thanks for your quick response Mika.

Can you please advise when Liferay 6.1 EE version is due? Thanks.
thumbnail
Mika Koivisto, módosítva 12 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
It is supposed to come out Q4 2011 which is already upon us so I would estimate by end of year. We are currently working through bugs that QA and Bugsquad finds. If you are current EE subscriber you should talk to your account manager or sales rep to get access to preview release once such is made. Feedback is very much welcome. I already have some improvements in mind. I'm also very interested in hearing what kind of setups people use it.
steven zhao, módosítva 12 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 3 Csatlakozás dátuma: 2012.02.23. Legújabb bejegyzések
I am trying Liferay 6.1 EE. How do I setup SAML on Liferay? Any user guide for that?
thumbnail
Mika Koivisto, módosítva 12 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
I blogged about the Identity Provider setup few days ago. See Getting Started with Liferay SAML 2.0 Identity Provider.
Venky Venkatramani, módosítva 12 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzés: 1 Csatlakozás dátuma: 2012.03.05. Legújabb bejegyzések
Hi,

Is this supported in the 6.1 CE GA version? If not, is there a plan to provide this in the near future?
If I have my own implementation of SAML how do I hook it up.
My implementation is nothing but a simple class/method which takes a Configuration Object and generates an XML document (an Assertion or AuthnRequest). Or it takes a XMLDocument (Assertion) and returns the values as simple HashMap.
How can these methods be hooked so that the appropriate URL is called when doing a simple POST?

No requirement for Artifact Support and/or other features under SAML 2.0

Thanks
thumbnail
giampiero longobardi, módosítva 12 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 7 Csatlakozás dátuma: 2010.12.17. Legújabb bejegyzések
Mika Koivisto:
I blogged about the Identity Provider setup few days ago. See Getting Started with Liferay SAML 2.0 Identity Provider.


MIke,
is Liferay SAML 2.0 Identity Provider able to delegate portal authentication to a portlet authenticating to backing services on the user's behalf ?
thumbnail
Mika Koivisto, módosítva 12 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
The IdP will delegate authentication to portal so what ever you can do with portal authentication hooks should be possible including SSO providers but those cases are not tested. With the IdP the idea is that the portal has the authority over the user.
Balakrishnan Ramasubbu, módosítva 9 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 3 Csatlakozás dátuma: 2014.11.11. Legújabb bejegyzések
Hi Mika ,

Can you please how we can achieve the saml functionality in community edition, my main requirement i want to make my life ray server as identity server for other application with saml standards.

Thanks
thumbnail
Mika Koivisto, módosítva 9 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
The Liferay SAML portlet that provides the identity provider functionality is EE only.
Balakrishnan Ramasubbu, módosítva 9 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 3 Csatlakozás dátuma: 2014.11.11. Legújabb bejegyzések
Hi Mika,

Thanks for your reply.

I agree with you , I m seeing Shibboleth as open source which supports SAML , but my confusion is like how to make Liferay as identity provider using Shibboleth , can you please guide me .

Thanks for your support.
thumbnail
Mika Koivisto, módosítva 9 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
The Shibboleth plugin is only SAML SP not IdP.
Balakrishnan Ramasubbu, módosítva 9 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 3 Csatlakozás dátuma: 2014.11.11. Legújabb bejegyzések
Mika Koivisto:
The Shibboleth plugin is only SAML SP not IdP.


Thanks Mika for your reply , can you suggest me some other plugin or way to implement SAML IDP in liferay , since we have released one version to customer with community edition . we cant go for enterprise edition.

Regards,
Bala
Denis Vaumoron, módosítva 12 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 6 Csatlakozás dátuma: 2010.11.26. Legújabb bejegyzések
Here a link about the implementation of the SP support, but that's in french, an english version should be available soon.

Blog Excilys » SAML 2 et Liferay – partie 1
thumbnail
Ben Chapman, módosítva 12 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 23 Csatlakozás dátuma: 2011.03.08. Legújabb bejegyzések
Denis Vaumoron:
Here a link about the implementation of the SP support, but that's in french, an english version should be available soon.

Blog Excilys » SAML 2 et Liferay – partie 1



Thanks for passing this along.
Prafull Kumar, módosítva 12 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzés: 1 Csatlakozás dátuma: 2011.10.10. Legújabb bejegyzések
Hello All,

I am looking for the Service Provider initiated SAML 2.0 SSO support in Liferay. According to whitepaper "Identity Management in Liferay - Overview and Best practices" it seems that for Liferay 6.0EE already supports SAML for SSO. Could you please confirm this and provide details to configure the SAML based SSO?

Also please confirm if the SAML support would be available in the CE version of Liferay 6.1?

Note: It seems to me that for the OpenSSO/CA SiteMinder/OAM the integration in Liferay6.0EE is proprietary and not the SAML compliant.

Regards, Prafull
thumbnail
Juan Gonzalez P, módosítva 12 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 3089 Csatlakozás dátuma: 2008.10.28. Legújabb bejegyzések
Danilo Tuler:

Is Idp support really coming only on EE version? That's too bad.

Danilo


Guess it is.
thumbnail
Mika Koivisto, módosítva 12 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
Yes, it was released as EE only feature.
thumbnail
Mika Koivisto, módosítva 11 év-val korábban

Thread Split

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
Mahesh Panchal, módosítva 10 év-val korábban

RE: SAML support within Liferay?

New Member Bejegyzések: 3 Csatlakozás dátuma: 2011.06.03. Legújabb bejegyzések
Hi Mika,
Do we have saml plugin available for 6.0.12 EE ?
thumbnail
Mika Koivisto, módosítva 10 év-val korábban

RE: SAML support within Liferay?

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
SAML was 6.1 feature so no we don't have it for 6.0.12.